Efficiency, accuracy in ESG data gathering can support sustainability efforts, says KPMG partner
Organisations’ focus will be on optimising resource usage and improving efficiency across the supply chain.
Lee Ser Yen is KPMG Singapore’s current Cyber Advisory partner, with expertise in the areas of technology advisory, cybersecurity, data security and privacy, cryptography, identity and access management, and GRC Technology. He has over 25 years of experience in various leadership roles spanning risk and compliance, security architecture design, product development, and solution implementation.
At the same time, Lee also has extensive operational experience in project management and product marketing and has led the development of information security products and solutions that successfully met stringent government and defence requirements for data protection and secure communications.
Amidst concerns about sustainability in the technology landscape, Lee said technology can be leveraged to support sustainable practices in reducing energy consumption, as well as in minimising carbon footprint and resource wastage.
“Technology will be a key enabler to improve the quality of ESG data for both measurement and reporting to meet regulatory and stakeholders' expectations,” he said.
The KPMG partner sat down with Singapore Business Review to discuss possible improvements in cybersecurity measures for different industries, and the challenges surrounding data security and privacy in Singapore currently.
How should organisations use technology and their digital transformation journeys in their goal of becoming more sustainable?
As organisations embrace technology, their digital transformation initiatives should also be aligned with their sustainability goals. Key focus would be on optimising resource usage and improving efficiency, both internally and externally across the supply chain. Technology can be leveraged to support sustainable practices in reducing energy consumption, minimising carbon footprint and even minimising resource wastage.
Technology will also be a key enabler to improve the quality of ESG data for both measurement and reporting to meet regulatory and stakeholders' expectations. The ability to be more efficient and accurate in data gathering and management will support sustainability efforts in many ways. Using sensors, automation and data analytics, organisations can better monitor, track, report and subsequently improve the sustainability of their supply chain. Large amounts of data can be gathered and analysed for performance monitoring. Real-time updates and reporting will also provide more effective engagements with various stakeholders and support better management decision-making.
Which industries do you think are lagging in terms of strengthening their cybersecurity? How do you think they can improve on it?
Cybersecurity preparedness requires an ongoing effort to assess and mitigate the risk of cyber attacks whilst minimising the impact of successful breaches. It involves continuous investments in people, processes, and technology to constantly stay ahead of potential cyber risks. Industries and sectors which have long been targets for cyber attacks, including defence, government, and financial services, have generally invested more towards building up their cybersecurity defences and capabilities. These organisations handle large amounts of sensitive formation which can be very valuable in the wrong hands or result in significant embarrassment if exposed.
Organisations which own and operate critical information infrastructure (CII) are at higher risk from successful cyberattacks. As such, they have been put on notice by regulators and government agencies across the world to beef up their cybersecurity readiness. Whilst each organisation faces different challenges and risks, such as legacy systems, distributed devices, limited budget, etc., much can be done to keep up with the threats.
In order to put cybersecurity as a priority, business leaders will need to be cyber savvy, and understand the basics to drive the tone from the top. Whilst there is no one-size-fits-all approach or solution, there is still a need to assess the companies’ cyber hygiene and ensure the essentials are done right. This will include implementing robust security policies, investing in and keeping systems updated, establishing incident response plans, as well as training and drills.
What are some of the biggest issues or challenges surrounding data security and privacy in Singapore at the moment?
KPMG’s 2022 Cyber Trust Insights survey found that data security continues to be a key determinant of stakeholder trust in Singapore. 42% of local business leaders in the survey felt that recent data breaches and cyber incidents are the top factors affecting trust in their organisation’s ability to protect and use data.
Each new data activity that an organisation embarks on exposes them to potential vulnerabilities that should be guarded against to maintain trust. As businesses seek to derive a competitive advantage from data, data will be collected, processed and shared in large quantities. How to manage the privacy compliance requirements is a key challenge especially when businesses are conducted across national borders.
In addition, as cloud computing moves into mainstream IT and technology setup, protecting data, and privacy in a cloud environment also needs to be part of business as usual. Sufficient controls have to be baked into the design from the start. This will include the policies and practices of data governance, classification, protection, etc.
Thirdly, ransomware attacks have been widely reported to have surged significantly in 2022 involving up to 25% of all breaches. By targeting the victim’s data, such attacks focus on extracting the largest financial returns. A holistic and multi-layered approach will be required to mitigate the impact and damage of an attack.
With over 25 years of experience consulting in the tech industry, what do you think keeps the excitement alive to serve clients?
We have probably seen the biggest technological advancements in the past 10 to 20 years, from computers, the internet, handphones, high-speed mobile networks, cloud computing, and the list keeps growing exponentially. Technology is constantly evolving and advancing at breakneck speed, and there is excitement to always have something new to learn and skills to pick up.
Consulting gives me the front-row seat to understand clients’ challenges and problems, which are often complex business issues that require the need to address people, process and technology angles all at the same time. There is also a need to bring a diverse group of stakeholders together, both internal and external teams, clients, vendors, and contractors. I enjoy the opportunity to help organisations leverage technology to achieve their goals which often have a positive impact on society. There is never a boring moment as no two clients nor engagements are the same.
As a judge for this year’s SBR Technology Excellence Awards, what was your basis for selecting this year’s winners?
I hope to bring forth companies, technologies and solutions which are innovative, practical, and deliver business impact. The deserving winners will pull all these attributes together each in its own unique way. The awards will be a recognition and endorsement for the great work and achievement each winner has put in.
Innovation. Believe the awards should celebrate the spirit of innovation. Hope to bring forth something that pushes the boundaries, be the trailblazer and flip the convention thinking on its head.
Practical. Would like to maintain that innovations should not be for innovation’s sake, but solves a problem, brings value to users, stakeholders and public-at-large.
Business impact. The winning entries should create economic value and impact. This could be something straightforward like increased efficiency and optimising cost, or something disruptive like creating new markets and services or challenging the status quo of existing market players.